Blog

AP Fraud Part 2: Expense Account and ACH Fraud

November 24, 2020

By Matthew Albert

Let’s continue with the second of our three-part series on AP fraud.  The last time you heard from us, we offered a general introduction to the different ways fraud can occur within your AP department.  Then, we gave you some details on how to prevent Fake Check fraud and Fake Billing fraud.  Today, let’s cover two more areas:  Expense Account and ACH fraud.

Expense Account Fraud

Let’s say you have a group of employees who do top-notch work for your business every single day.  Sure, they have their slip-ups now and then, but don’t we all?  Overall, they’re a crew you’d fight for any day of the week.

Being the good boss that you are, you know that the best leaders empower their brightest stars.  In return for their good work, you provide your employees lots of opportunities to grow your business with innovative ideas and initiatives.  Sometimes, these ideas and initiatives require some testing.  Testing, of course, requires resources and time, especially money.  That’s okay, though.  It’s worth it because you’re potentially investing in your company’s future.

Now, let’s also say that while you’re giving your employees some leeway to get creative, they incur some expenses while trying to test their solutions.  Depending on how adventurous a company you are, these expenses could be something small like a business dinner with a client, gas mileage reimbursement, or basic office supplies.  Expenses can also be something larger, though, like a luxury suite at a professional sporting event. Typically, either way, you’ll be happy to reimburse your employees for their purchases if they provide receipts.  After all, they’re working to grow the business.

But what happens if an employee lies about these expenses?  What if they claim they bought something they didn’t actually buy?  What if they request a check to be reimbursed for something that never happened?  These lies end up as fake expenses.  If you’re not careful, your AP department could end up cutting your employee a check for doing absolutely nothing and lying to you about it.

So what can you do about preventing these internal schemes?  Here are two fixes that will give you far more control over the situation.

  • Hire or train an internal auditor.  Give that auditor regular access and ability to verify every single transaction between a company and an employee.  If you need to cut a check for expense reimbursement, the auditor signs off on it only after they get clear proof (e.g., receipts) that the request is legitimate.
  • Train your entire AP department on the non-negotiable requirements for expense reimbursement.  Every single member of your AP department needs to know what counts as proof for reimbursement and what doesn’t.  If multiple members of your AP department can’t agree that a reimbursement is legitimate, then the request goes back to the employee with a request for more specific information.

These internal controls work, too!  Last year, the AFCE found that 43% of all fraud schemes were detected by a tip, with over half of those tips coming from internal employees.  Trust your good ones.  They want to be part of a successful business just as much as you do.

ACH Fraud

Thank goodness for the automated clearing house, right?  Thanks to the ACH, you can just directly deposit your employees’ salaries into their bank accounts at a moment’s notice.  No trips to the bank, no lost time to printing and reprinting checks, more convenience for everyone.

Oh if only it were bulletproof.  In 2018, the Association for Financial Professionals’ Payments Fraud found that 33% of organizations were subject to ACH fraud.  That was up from 20% the year before.

To be fair, though, ACH setups are usually pretty secure and difficult to hack.  With that said, it’s not impossible.  Here’s what some crooks have done to ACH systems in the past:

  • A hacker breaks into the system, accesses employee credentials, and generates an ACH file in their name.
  • The same as above except the hacker sets up an account as an automatic bill pay recipient.
  • An employee handling ACH transactions clicks on a link with a virus that tracks their typing on the keyboard and sends it back to the hackers.  Many times, this typing log includes sensitive information like account passwords.  The hackers then access your software, impersonate the employee, and set up payments to themselves.

Who better to help us monitor ACH fraud than the FBI?  Here are some really simple recommendations with long-term benefits:

  • Reconcile ACH accounts frequently.
  • Set strong passwords, change them often, and store records of them in secure locations.
  • Consistently update your firewalls and antivirus software.
  • Designate certain computers as “ACH Work Only”.  That way, you don’t have to worry about careless internet browsing handing you over to fraudsters.

Next Up:  Kickbacks